Hi! I just want to share my hack, as it will likely be valuable to others as well. I have a not so uncommon setup: People login via HTTP Basic Authentication (popup window in the webbrowser). The webserver manages the login via LDAP. Once logged in, they have access to several webservices like wiki, file safe (Nextcloud or something), InfCloud and others. So clearly I do not want any login page. The login credentials are known by the webserver and webbrowser. The webbrowser will happily send them again without user interaction. Officially there seems to be no way to login without the login screen, but without hard-coding credentials in the config.js.
1) Rename InfCloud’s index.html to index.php.
You should try this out. Maybe you better use another language, if PHP is not available to your webserver. In my case, DAViCal is running on the same webserver, which is written in PHP. So, obviously, I can run PHP scripts.
2) In the lines around 620 in index.php, there are some hidden form fields (<input id="foo" type="hidden" value=""/>. Add two more like this:
<input id="foo-login" type="hidden" value="<?=htmlspecialchars($_SERVER['PHP_AUTH_USER'])?>"/>
<input id="foo-pw" type="hidden" value="<?=htmlspecialchars($_SERVER['PHP_AUTH_PW'])?>"/>
The effect is, that the user gets back an HTML file with their login credentials in cleartext in there. Don’t do this, if this is risky in your setup. In most cases this should not be risky, as the browser knows the credentials anyway; as well as anyone who can read the traffic between the browser and the InfCloud webserver.
3) In the beginning of the index.php, inside the <head></head> section, there are several lines starting with “<script”. Move all these lines to the end of the document, right before the closing </body> tag.
4) In config.js, enable the globalAccountSettings method (that one with the hard-coded credentials). But instead of really hard-coding some credentials there, you type (for example, if you have DAViCal installed in /cal/ and rewrite the URLs in your webserver config, so you can omit the part “/caldav.php”):
If both the WebDAV server and the InfCloud files are below the same principal URL (same vhost), then a better solution would be, if InfCloud would simply try to access the WebDAV server without sending any login credentials. The WebDAV server would then reply with 401 and the browser would resend the request with the already-known credentials in the request header. This would be much less of a hack. Maybe somene else wants to try that.
All of a sudden InfCloud is missing events.
I'm running InfCloud 0.13.2.rc2 since the end of 2015 using FireFox on
Fedora. The DAViCal server is running on a separate system.
InfCloud didn't change and neither did the DAViCal server. I did upgrade
FireFox as part of regular system upgrades.
This morning I noticed, the hard way, that a repeating event was missing
from InfCloud. It is just gone. All occurrences, including past occurrences.
The event is on the server, since other clients (Android phones and
tablets) display it.
This worries me very much. Is there anything I can do to find out what is
going on? I tried cahce_update but that didn't make a difference.
Update: InfCloud with Chromium doesn't show the missing events either.
Does infcloud support header "Access-Control-Allow-Origin <a-domain>"?
I tried to configure my caldav server with "Access-Control-Allow-Origin"
header set to <a-domain>", but infcloud seems to be unable to connect
the caldav server, reporting the following error in the browser's console:
> "Error: [netCheckAndCreateConfiguration: 'PROPFIND
https://<a-domain>/dav/'] code: '0' status: 'error' - see
https://www.inf-it.com/infcloud/readme.txt (cross-domain setup)"
When I set this "Access-Control-Allow-Origin" header to "*", it works.
I find it more secure to be able to set this header.
Can you tell me how is infcloud supposed to work with this header?